DH warned about risk of cyber-attack a year before WannaCry incident

The DH had been warned about the risks of cyber-attack to the NHS a year before trusts were hit by hackers in May, but did not formally respond with a written report until a full month later in July.

A new government report written by the National Audit Office (NAO) has criticised both DH and NHS England for not doing enough to prevent cyber-attacks, arguing that there was no formal mechanism to assess whether trusts were conforming with guidelines to move away from outdated software like Windows XP before the WannaCry attack on 12 May this year.

The cyber-attack hit a number of trusts across the country, locking staff out of their computer and demanding a $300 ransom fee.

Researchers said that the attack led to disruption in over a third (34%) of trusts and caused around 19,000 appointments to be cancelled.

Though the NAO confirmed that no trusts paid the ransom, it said that it was unclear how much the disruption cost NHS organisations overall.

And while the report added that the Department had developed a plan, which included instructions on how organisations should respond to an attack, it went on to say that this plan had not been properly tested at a local level.

NHS Digital also told the NAO that all organisations infected by WannaCry shared the same vulnerability, and could have taken “relatively simple” action to protect themselves.

The report concluded by saying that the NHS accepted there were “lessons to learn” from the attack, and that it was taking action to make sure an attack of this magnitude did not happen again.

“The WannaCry cyber-attack had potentially serious implications for the NHS and its ability to provide care to patients,” said Sir Amyas Morse, head of the NAO.

“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice.

“There are more sophisticated cyber threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

Keith McNeil, chief clinical information officer for Health and Care argued that luckily, no harm was caused to patients and there were no incidents of patient data being compromised or stolen. 

“Tried and tested emergency plans were activated quickly and our hard-working NHS staff went the extra mile to provide patient care, keeping the impact on NHS services and patients to a minimum,” he continued.

And director of development and operations at NHS Providers, Ben Clacy, added that the attack brought “significant disruption” to the NHS and many other organisations around the world, and that lessons needed to be learned from it.

 “It rightly acknowledges the important contribution of NHS staff who worked overtime including over the weekend to stop or minimise the impact of the attack on patients,” Clacy commented.

 “A large majority of the affected trusts managed to carry on treating urgent and emergency patients through the weekend, and a few days after the attack only two were still diverting patients.

“That tells us a lot about the commitment, resilience and resourcefulness of staff working under difficult conditions.”

The NHS Providers director also explained that the NHS was taking steps at national and local level to prepare for the next attack.

“Part of this is to ensure that trusts apply software patches and keep anti-virus software up to date. And there are lessons too around communication, both within the NHS and with the wider public,” he stated.

“And this incident was a powerful reminder that we need significant capital investment to ensure we can deal with the threat of cybercrime in the future.”

Following the attack, DH pledged £50m to go towards improving NHS digital security. Back in August, it was also revealed that trusts could face heavy fines if they fail to safeguard against cyber-attacks in the future.

Have you got a story to tell? Would you like to become a NHE columnist? If so, click here.


There are no comments. Why not be the first?

Add your comment


national health executive tv

more videos >

latest news

View all News


Peter Kyle MP: It’s time to say thank you this Public Service Day

21/06/2019Peter Kyle MP: It’s time to say thank you this Public Service Day

Taking time to say thank you is one of the hidden pillars of a society. Bei... more >
Nurses named as least-appreciated public sector workers

13/06/2019Nurses named as least-appreciated public sector workers

Nurses have been named as the most under-appreciated public sector professi... more >

editor's comment

25/09/2017A hotbed of innovation

This edition of NHE comes hot on the heels of this year’s NHS Expo which, once again, proved to be a huge success at Manchester Central. A number of announcements were made during the event, with the health secretary naming the second wave of NHS digital pioneers, or ‘fast followers’, which follow the initial global digital exemplars who were revealed at the same show 12 months earlier.  Jeremy Hunt also stated that by the end of 2018 – the 70th birthday... read more >

last word

The NHS needs more senior women in leadership

The NHS needs more senior women in leadership

The gender pay gap in the NHS remains a hotly debated topic, especially as the final report from the Gender Pay Gap in Medicine Review approaches. Andrea Hester, deputy director of employment relati more > more last word articles >


NHS dreams come true for Teesside domestic

17/09/2019NHS dreams come true for Teesside domestic

Over 20 years ago, a Teesside hospital cleaner put down her mop and took st... more >

the scalpel's daily blog

An ageing population means hand care and injury prevention is more important than ever

23/08/2019An ageing population means hand care and injury prevention is more important than ever

Grey Giddins, member of the British Society for Surgery of the Hand, discusses how hand care and injury prevention have become increasingly important given the UK’s agei... more >
read more blog posts from 'the scalpel' >

healthcare events

events calendar


September 2019

mon tue wed thu fri sat sun
26 27 28 29 30 31 1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 1 2 3 4 5 6

featured articles

View all News